Date: Thu, 5 May 2005 16:06:40 GMT From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 76561 for review Message-ID: <200505051606.j45G6e5W061801@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=76561 Change 76561 by csjp@csjp_xor on 2005/05/05 16:05:39 Fix long standing kernel panic associated with NFS. The problem stems from dispatching VOP_GETATTR from the kernel using NOCRED. The NFS subsystem will dereference ucred when forming the NFS request resulting in a panic. I have changed the code to use the calling credential of the user in order to retrieve information about the file. However this in itself is fairly futile in that NFS does not support extended attributes. While this change should not do any harm, a more long term fix would be to implement an efficient way to check the capabilities of the files system. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#5 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#5 (text+ko) ==== @@ -204,10 +204,11 @@ struct vcache_fs *vfc; struct vattr va, *vap; int error; + struct thread *td = curthread; /* XXX */ ASSERT_VOP_LOCKED(vp, "mac_chkexec_get_fs_cache: no vlock held"); vap = &va; - error = VOP_GETATTR(vp, vap, NOCRED, curthread); + error = VOP_GETATTR(vp, vap, td->td_ucred, td); if (error) return (NULL); mtx_lock(&cache_mtx); @@ -239,6 +240,7 @@ struct vcache *vcp; int error; struct vattr *vap, va; + struct thread *td = curthread; ASSERT_VOP_LOCKED(vp, "no vlock held"); if (!mac_chkexec_cache) @@ -249,7 +251,7 @@ if (vfc == NULL) return; vap = &va; - error = VOP_GETATTR(vp, vap, NOCRED, curthread); + error = VOP_GETATTR(vp, vap, td->td_ucred, td); if (error) return; vcp = uma_zalloc(cache_zone, M_WAITOK); @@ -284,13 +286,14 @@ struct vcache_fs *vfc; struct vattr *vap, va; int error; + struct thread *td = curthread; ASSERT_VOP_LOCKED(vp, "no vlock held"); vfc = mac_chkexec_get_fs_cache(vp); if (vfc == NULL) return; vap = &va; - error = VOP_GETATTR(vp, vap, NOCRED, curthread); + error = VOP_GETATTR(vp, vap, td->td_ucred, td); if (error) return; vc.fileid = vap->va_fileid; @@ -319,12 +322,13 @@ int error; struct vcache_fs *vfc; struct vattr va, *vap; + struct thread *td = curthread; if (!mac_chkexec_cache) return (NULL); ASSERT_VOP_LOCKED(vp, "no vlock held"); vap = &va; - error = VOP_GETATTR(vp, &va, NOCRED, curthread); + error = VOP_GETATTR(vp, &va, td->td_ucred, td); if (error) return (NULL); vfc = mac_chkexec_get_fs_cache(vp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505051606.j45G6e5W061801>